-
Notifications
You must be signed in to change notification settings - Fork 12
153 lines (139 loc) · 7.79 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: RIA DigiDoc iOS
on: [push, pull_request]
env:
BUILD_NUMBER: ${{ github.run_number }}
jobs:
build:
name: Build RIA DigiDoc on macOS
if: contains(github.repository, 'open-eid/MOPP-iOS') && contains(github.ref, 'master')
runs-on: macos-latest
strategy:
matrix:
xcode:
- 15.4
platform:
- iOS
env:
DEFAULT_CENTRAL_CONFIGURATION_URL: "https://id.eesti.ee"
DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL: 4
DEFAULT_CENTRAL_CONFIGURATION_TSL_URL: "https://ec.europa.eu/tools/lotl/eu-lotl.xml"
TEMP_KEYCHAIN_PATH: "$RUNNER_TEMP/ios-github-actions.keychain-db"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Download Libdigidocpp iOS artifact
uses: dawidd6/action-download-artifact@v6
with:
workflow: build.yml
branch: master
name: iphoneos
path: libdigidocpp-ios
repo: open-eid/libdigidocpp
- name: Download Libdigidocpp iOS Simulator artifact
uses: dawidd6/action-download-artifact@v6
with:
workflow: build.yml
branch: master
name: iphonesimulator
path: libdigidocpp-ios-simulator
repo: open-eid/libdigidocpp
- name: Extract libdigidocpp artifacts
run: |
ls -laht libdigidocpp-ios
ls -laht libdigidocpp-ios-simulator
unzip -o libdigidocpp-ios/libdigidocpp.iphoneos.zip -d libdigidocpp.iphoneos
unzip -o libdigidocpp-ios-simulator/libdigidocpp.iphonesimulator.zip -d libdigidocpp.iphonesimulator
ls -laht
- name: Update libdigidocpp in project
run: |
export LIBDIGIDOCPP_PATH=${{ github.workspace }}/MoppLib/MoppLib/libdigidocpp
rm -rf $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos && mkdir $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos && cp -r ${{ github.workspace }}/libdigidocpp.iphoneos/libdigidocpp.iphoneos/ $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos/
rm -rf $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator && mkdir $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator && cp -r ${{ github.workspace }}/libdigidocpp.iphonesimulator/libdigidocpp.iphonesimulator/* $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator/
- name: Install the Apple certificate and provisioning profiles
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
# Create variables
CERTIFICATE_P12_PATH=$RUNNER_TEMP/Certificate_iOS_Github_Actions.p12
MOBILEPROVISIONING_PATH=$RUNNER_TEMP/MobileProvisioning_iOS_Github_Actions.mobileprovision
MOBILEPROVISIONING_SHARE_EXTENSION_PATH=$RUNNER_TEMP/MobileProvisioningShareExtension_iOS_Github_Actions.mobileprovision
# Import certificate and provisioning profile from Github secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_P12_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $MOBILEPROVISIONING_PATH
echo -n "$BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64" | base64 --decode --output $MOBILEPROVISIONING_SHARE_EXTENSION_PATH
# Create temporary keychain
security create-keychain -p "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $TEMP_KEYCHAIN_PATH
security unlock-keychain -p "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH
security set-keychain-settings -lut 900
# Import certificate to temporary keychain
security import $CERTIFICATE_P12_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $TEMP_KEYCHAIN_PATH
security list-keychain -d user -s $TEMP_KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -s -k "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH
# Apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $MOBILEPROVISIONING_PATH ~/Library/MobileDevice/Provisioning\ Profiles
cp $MOBILEPROVISIONING_SHARE_EXTENSION_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Setup environment
env:
GOOGLE_SERVICES_PLIST: ${{ secrets.GOOGLE_SERVICES_PLIST }}
run: |
export LANG=en_US.UTF-8
cd ${{ github.workspace }}/MoppApp
echo -n "$GOOGLE_SERVICES_PLIST" | base64 --decode --output "GoogleService-Info.plist"
echo "APP_VERSION=$('/usr/bin/xcodebuild' -showBuildSettings | grep MARKETING_VERSION | tr -d 'MARKETING_VERSION =')" >> $GITHUB_ENV
- name: Set up Homebrew
id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Install Swift-sh
run: brew install swift-sh
- name: Build and Archive
env:
APP_PROVISIONING_PROFILE_UUID: ${{ secrets.APP_PROVISIONING_PROFILE_UUID }}
SHARE_EXTENSION_PROVISIONING_PROFILE_UUID: ${{ secrets.SHARE_EXTENSION_PROVISIONING_PROFILE_UUID }}
run: |
cd ${{ github.workspace }}/MoppApp
xcodebuild archive -scheme MoppApp -configuration Release -archivePath "${{ github.workspace }}/MoppApp/build/DigiDoc.xcarchive" -allowProvisioningUpdates APP_PROVISIONING_PROFILE="$APP_PROVISIONING_PROFILE_UUID" SHARE_EXTENSION_PROVISIONING_PROFILE="$SHARE_EXTENSION_PROVISIONING_PROFILE_UUID"
- name: Export
env:
EXPORT_OPTIONS_PLIST: ${{ secrets.EXPORT_OPTIONS_PLIST }}
run: |
cd ${{ github.workspace }}/MoppApp
echo -n "$EXPORT_OPTIONS_PLIST" | base64 --decode --output "ExportOptions.plist"
xcodebuild -exportArchive -archivePath "${{ github.workspace }}/MoppApp/build/DigiDoc.xcarchive" -exportPath "${{ github.workspace }}/MoppApp/build/" -configuration Release -exportOptionsPlist ExportOptions.plist DEFAULT_CENTRAL_CONFIGURATION_URL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_URL }} DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL }} DEFAULT_CENTRAL_CONFIGURATION_TSL_URL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_TSL_URL }} "OTHER_SWIFT_FLAGS=-DCOCOAPODS" | xcpretty
# Change .ipa name
mv ${{ github.workspace }}/MoppApp/build/MoppApp.ipa ${{ github.workspace }}/MoppApp/build/RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}.ipa
- name: Upload artifact
uses: actions/upload-artifact@v4
if: success()
with:
name: "RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}"
path: "${{ github.workspace }}/MoppApp/build/RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}.ipa"
- name: Clean up
if: ${{ always() }}
run: |
TEMP_KEYCHAIN_PATH="$RUNNER_TEMP/ios-github-actions.keychain-db"
MOBILEPROVISIONING_PATH=$RUNNER_TEMP/MobileProvisioning_iOS_Github_Actions.mobileprovision
MOBILEPROVISIONING_SHARE_EXTENSION_PATH=$RUNNER_TEMP/MobileProvisioningShareExtension_iOS_Github_Actions.mobileprovision
# Keychain
if [[ -f $TEMP_KEYCHAIN_PATH ]]
then
security delete-keychain $TEMP_KEYCHAIN_PATH
fi
# Main provisioning profile
if [[ -f $MOBILEPROVISIONING_PATH ]]
then
rm $MOBILEPROVISIONING_PATH
fi
# Share Extension provisioning profile
if [[ -f $MOBILEPROVISIONING_SHARE_EXTENSION_PATH ]]
then
rm $MOBILEPROVISIONING_SHARE_EXTENSION_PATH
fi